Technical Tip: How to collect email from FortiGate with IP based policy where no authentication is used

knaveenkumar · ‎10-29-2024

Description

This article describes how to collect email from FortiGate with IP based policy where no authentication is used.

Scope

FortiGate.

Solution

Enable the Email collection under Feature Visibility -> Email Collection:

First step is to enable Email collection under Feature Visibility Email Collection.JPG

Enable the email collection under the CLI command in the policy where it is necessary to start collecting email IDs.

Commands:

config firewall policy

edit <policy ID>

set email-collect enable

end

Once the above is enabled, users from the policy will get the below notification and disclaimer and users need to accept and provide a valid email ID to access the internet:

First step is to enable Email collection.JPG

Once the Terms and Disclaimer Agreement is accepted and a valid email ID is provided, the user will be allowed to access the Internet.

Add the Email Collection widget under Dashboard -> Status -> Add Monitor to verify email collection.

Search for Email collection:

email a.JPG

When selecting Collected Email Monitor, select the FortiGate hostname from dropdown :

Emal b.JPG

Once selected, should be possible to see the collected email IDs:

Email c.JPG

To check for collected emails in the CLI:

diagnose firewall auth mac list

00:47:65:**:**:**, e*****@gmail.com
type: email, id: 0, duration: 956, idled: 8
expire: 863992, allow-idle: 864000
flag(1000): src_idle
packets: in 31532 out 14664, bytes: in 30781092 out 2863132

----- 1 listed, 0 filtered ------

Technical Tip: How to collect email from FortiGate with IP based policy where no authentication is used

You are leaving our website